DA
Uploaded byD. Michael Allen
87 views

PCI What? The Basics of PCI Compliance Issues for Small Businesses

PCI-DSS is a set of technical and operational standards designed to protect cardholder data, applicable to all entities involved in payment card processing. Compliance is essential to avoid liability for breaches while also implementing best practices for security. Businesses must assess their compliance level, complete self-assessment questionnaires, and adhere to various requirements including building secure networks and maintaining information security policies.

Embed presentation

Download to read offline
PCI - What? the basics of PCI compliance
What is PCI-DSS? Technical and Operational Standards designed to protect cardholder data.
Who does it apply to? “all entities involved in payment card processing - including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.”
Who Says? PCI Security Standards Council
Wha? 1. Credit card companies write and decide on standards. 2. A committee of ‘interested parties’ offer input.
So why do I care?
(glass half empty) If you process electronic payments, you probably signed a contract that makes you liable for a breach.
(glass half full) PCI Compliance means that you are implementing best practices that protect you and your customers.
So What Next?
Read Everything There are several hundred pages of materials available online. Study them all. Learn the vocabulary. Understand the beast.
Self Assessment Determine what level of compliance your company is required to maintain.
What Merchant Level? Merchant Level defines your requirements for compliance and this can vary greatly from one business to the next.
Self Assessment Questionnaire Merchants fit into 1 of 5 SAQ categories. Figure out which one applies to you. Download the appropriate SAQ.
Requirements 1. Build and Maintain a Secure Network. 2. Protect Cardholder Data. 3. Maintain a Vulnerability Management Protocol. 4. Implement Strong Access Control. 5. Regularly Monitor and Test Networks. 6. Maintain an Information Security Policy.
Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data 1. Protect stored cardholder data. 2. Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program 1. Use and regularly update anti-virus software programs. 2. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures 1. Restrict access to cardholder data by business need to know. 2. Assign a unique ID to each person with computer access. 3. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks 1. Track and monitor all access to network resources and cardholder data. 2. Regularly test security systems and processes.
Maintain an Information Security Policy 1. Maintain a policy that addresses information security for all personnel.
Report 1. Evaluate your compliance for each point in the SAQ - it’s simply yes or no. 2. If you are not compliant with a standard, make a plan.
Monitor 1. Use a QSA to evaluate your compliance. 2. Schedule quarterly intrusion scans with an approved scanning vendor.
Remember! 1. Everyone who accepts or handles electronic payments is affected. 2. It requires strong systems and constant monitoring.

More Related Content

PPTX
How to Achieve PCI Compliance with an Enterprise Job Scheduler
byHelpSystems
 
PPTX
What goes into managed security services
byPhreedom Technologies
 
PPTX
6 Biggest Cyber Security Risks and How You Can Fight Back
byMTG IT Professionals
 
PPTX
PCI DSS & PA DSS Version 3.0 Changes Webinar
byControlCase
 
PPTX
Overview of RateSetter web security
byRateSetter
 
PPT
Security Readiness Profile
bypds2k.com
 
PPTX
PCI Change Detection: Thinking Beyond the Checkbox
byTripwire
 
PDF
How to Secure Your Clinical Network
byMedigate
 
How to Achieve PCI Compliance with an Enterprise Job Scheduler
byHelpSystems
 
What goes into managed security services
byPhreedom Technologies
 
6 Biggest Cyber Security Risks and How You Can Fight Back
byMTG IT Professionals
 
PCI DSS & PA DSS Version 3.0 Changes Webinar
byControlCase
 
Overview of RateSetter web security
byRateSetter
 
Security Readiness Profile
bypds2k.com
 
PCI Change Detection: Thinking Beyond the Checkbox
byTripwire
 
How to Secure Your Clinical Network
byMedigate
 

What's hot

PPTX
08 july 2016
byTamil sgbc
 
PDF
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
byTraceSecurity
 
PDF
What You Need to Know About Intelligent Network Segmentation
byMedigate
 
PPTX
PCI DSS 3.0: Don’t Shortchange Your PCI Readiness
byTripwire
 
PDF
ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM
byRozil Anwar
 
ODP
Active Network Monitoring brings Peace of Mind
byThe Lorenzi Group
 
PDF
January Infographic: Benefits of Partnering with an Managed Service Provider
byThe TNS Group
 
PDF
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
byControlCase
 
PDF
Medical Devices Under Attack
byMedigate
 
PDF
SECURITY
byTony Fanelli
 
PDF
Lowlands Unite NL 2017 - ATA to Z
byTim De Keukelaere
 
PDF
10 steps to cyber security
byAshish Mishra ☁
 
PDF
10 steps to cyber security
byTevfik Üret
 
PPTX
Encryption Solutions for Healthcare
bySteve Dunn
 
PDF
Cybersecurity: Quick Preparedness Assessment
byCBIZ, Inc.
 
PPTX
Integrated Compliance
byKimberly Simon MBA
 
PDF
Unlock the Power of Your IoT Security Platform
byMedigate
 
08 july 2016
byTamil sgbc
 
Protect Cardholder Data and Maintain PCI Compliance with PCI Penetration Testing
byTraceSecurity
 
What You Need to Know About Intelligent Network Segmentation
byMedigate
 
PCI DSS 3.0: Don’t Shortchange Your PCI Readiness
byTripwire
 
ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM
byRozil Anwar
 
Active Network Monitoring brings Peace of Mind
byThe Lorenzi Group
 
January Infographic: Benefits of Partnering with an Managed Service Provider
byThe TNS Group
 
Log Monitoring and File Integrity Monitoring for PCI DSS, EI3PA and ISO 27001
byControlCase
 
Medical Devices Under Attack
byMedigate
 
SECURITY
byTony Fanelli
 
Lowlands Unite NL 2017 - ATA to Z
byTim De Keukelaere
 
10 steps to cyber security
byAshish Mishra ☁
 
10 steps to cyber security
byTevfik Üret
 
Encryption Solutions for Healthcare
bySteve Dunn
 
Cybersecurity: Quick Preparedness Assessment
byCBIZ, Inc.
 
Integrated Compliance
byKimberly Simon MBA
 
Unlock the Power of Your IoT Security Platform
byMedigate
 

Similar to PCI What? The Basics of PCI Compliance Issues for Small Businesses

PDF
PCI Compliance Overview
byLawPay
 
PPT
PCI DSS
byDuy Do Phan
 
PPTX
Educause+PCI+briefing+4-19-20162345.pptx
bygealehegn
 
DOCX
Online_Transactions_PCI
byKelly Lam
 
PPT
pci-comp pci requirements and controls.ppt
bygealehegn
 
PPTX
PCI DSS Compliance Readiness
byAl Abbas, PMP, CISSP, MBA, MSc
 
PPT
PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014
byLuong Trung Thanh
 
DOC
Pci Saq D
byJeffrey Katz
 
PDF
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
byStephanie Gutowski
 
PPTX
PCI Compliance - Delving Deeper In The Standard
byJohn Bedrick
 
PDF
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
byMiminten
 
PDF
Pci standards, from participation to implementation and review
byisc2-hellenic
 
PPTX
Payment Card Acceptance PCI Compliance for Local Governments 2012
byDonald E. Hester
 
PPTX
A practical guides to PCI compliance
byJisc
 
PDF
a Guide for quick pci dss and payment security
bysuridhalder
 
PPT
Experience for implement PCI DSS
byNhat Phan Canh
 
PDF
PCI compliance and fraud prevention for non profits
byNetSquared Vancouver
 
PPTX
Introduction to PCI DSS
bySaumya Vishnoi
 
PPT
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
byMelanie Beam
 
PPT
eCommerce Summit Atlanta Mountain Media
byeCommerce Merchants
 
PCI Compliance Overview
byLawPay
 
PCI DSS
byDuy Do Phan
 
Educause+PCI+briefing+4-19-20162345.pptx
bygealehegn
 
Online_Transactions_PCI
byKelly Lam
 
pci-comp pci requirements and controls.ppt
bygealehegn
 
PCI DSS Compliance Readiness
byAl Abbas, PMP, CISSP, MBA, MSc
 
PCI-DSS Experience- Phan Canh Nhat Present on 13/11/2014
byLuong Trung Thanh
 
Pci Saq D
byJeffrey Katz
 
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
byStephanie Gutowski
 
PCI Compliance - Delving Deeper In The Standard
byJohn Bedrick
 
PCI Compliance—Love It, Hate It, But Don’t Ignore It (11NTCpci)
byMiminten
 
Pci standards, from participation to implementation and review
byisc2-hellenic
 
Payment Card Acceptance PCI Compliance for Local Governments 2012
byDonald E. Hester
 
A practical guides to PCI compliance
byJisc
 
a Guide for quick pci dss and payment security
bysuridhalder
 
Experience for implement PCI DSS
byNhat Phan Canh
 
PCI compliance and fraud prevention for non profits
byNetSquared Vancouver
 
Introduction to PCI DSS
bySaumya Vishnoi
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
byMelanie Beam
 
eCommerce Summit Atlanta Mountain Media
byeCommerce Merchants
 

PCI What? The Basics of PCI Compliance Issues for Small Businesses

  • 1.
    PCI - What? thebasics of PCI compliance
  • 2.
    What is PCI-DSS? Technicaland Operational Standards designed to protect cardholder data.
  • 3.
    Who does itapply to? “all entities involved in payment card processing - including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.”
  • 4.
    Who Says? PCI SecurityStandards Council
  • 5.
    Wha? 1. Credit cardcompanies write and decide on standards. 2. A committee of ‘interested parties’ offer input.
  • 6.
    So why doI care?
  • 7.
    (glass half empty) Ifyou process electronic payments, you probably signed a contract that makes you liable for a breach.
  • 8.
    (glass half full) PCICompliance means that you are implementing best practices that protect you and your customers.
  • 9.
  • 10.
    Read Everything There areseveral hundred pages of materials available online. Study them all. Learn the vocabulary. Understand the beast.
  • 11.
    Self Assessment Determine whatlevel of compliance your company is required to maintain.
  • 12.
    What Merchant Level? MerchantLevel defines your requirements for compliance and this can vary greatly from one business to the next.
  • 13.
    Self Assessment Questionnaire Merchants fitinto 1 of 5 SAQ categories. Figure out which one applies to you. Download the appropriate SAQ.
  • 14.
    Requirements 1. Build andMaintain a Secure Network. 2. Protect Cardholder Data. 3. Maintain a Vulnerability Management Protocol. 4. Implement Strong Access Control. 5. Regularly Monitor and Test Networks. 6. Maintain an Information Security Policy.
  • 15.
    Build and Maintaina Secure Network 1. Install and maintain a firewall configuration to protect cardholder data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  • 16.
    Protect Cardholder Data 1.Protect stored cardholder data. 2. Encrypt transmission of cardholder data across open, public networks.
  • 17.
    Maintain a Vulnerability ManagementProgram 1. Use and regularly update anti-virus software programs. 2. Develop and maintain secure systems and applications.
  • 18.
    Implement Strong Access ControlMeasures 1. Restrict access to cardholder data by business need to know. 2. Assign a unique ID to each person with computer access. 3. Restrict physical access to cardholder data.
  • 19.
    Regularly Monitor and TestNetworks 1. Track and monitor all access to network resources and cardholder data. 2. Regularly test security systems and processes.
  • 20.
    Maintain an Information SecurityPolicy 1. Maintain a policy that addresses information security for all personnel.
  • 21.
    Report 1. Evaluate yourcompliance for each point in the SAQ - it’s simply yes or no. 2. If you are not compliant with a standard, make a plan.
  • 22.
    Monitor 1. Use aQSA to evaluate your compliance. 2. Schedule quarterly intrusion scans with an approved scanning vendor.
  • 23.
    Remember! 1. Everyone whoaccepts or handles electronic payments is affected. 2. It requires strong systems and constant monitoring.